You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
dependency check mvn clean org.owasp:dependency-check-maven:3.3.2:check returns medium severity vulnerability if dependency jar contains word -ws. moreover description suggests, it is relevant to node js platform.
CPE
cpe:/a:ws_project:ws:1.1.0::~~~node.js~~ and all previous versions
Description
Severity:Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
MISC - https://github.com/nodejs/node/issues/7388
MISC - https://nodesecurity.io/advisories/120
Vulnerable Software & Versions:
cpe:/a:ws_project:ws:1.1.0::~~~node.js~~ and all previous versions
Run dependency check mvn clean org.owasp:dependency-check-maven:3.3.2:check on later project.
The text was updated successfully, but these errors were encountered:
vashistha
changed the title
false positive CVE-2016-10542 in java project name containing word -ws
false positive CVE-2016-10542 in java project if dependency jar name contains word -wsOct 23, 2018
vashistha
changed the title
false positive CVE-2016-10542 in java project if dependency jar name contains word -ws
false positive CVE-2016-10542 in java project if dependency jar name contains word '-ws'
Oct 23, 2018
dependency check
mvn clean org.owasp:dependency-check-maven:3.3.2:check
returnsmedium
severity vulnerability if dependency jar contains word-ws
. moreover description suggests, it is relevant to node js platform.CPE
cpe:/a:ws_project:ws:1.1.0::~~~node.js~~ and all previous versions
Description
Reproducing the false positive vulnerability
mvn clean install
mvn clean org.owasp:dependency-check-maven:3.3.2:check
on later project.The text was updated successfully, but these errors were encountered: